
Security Exception when in Medium trust

Roger
Roger asked on 07 Mar 2011, 05:17 PM

I'm getting a security exception when using the RadEditor in Medium Trust

Web.config 
 

<system.web>
  <trust level="Medium" originUrl="" />

 

 

 

....
... 

 

<!-- Classic-pipeline (system.web) handler mappings: the ASP.NET AJAX script
     services first, then the Telerik.Web.UI endpoints. -->
<httpHandlers>
      <!-- Drop the inherited *.asmx mapping so the ScriptHandlerFactory mapping below replaces it. -->
      <remove verb="*" path="*.asmx" />
      <!-- validate="false" (used on every entry here) defers loading the handler type until the
           first matching request, so a wrong type name fails at request time, not at startup. -->
      <add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
      <add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
      <add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" validate="false" />
      <!-- NOTE(review): each Telerik handler below is mapped for verb="*" and becomes a
           request-reachable URL. Register only the ones the site actually uses, and check
           which authorization rules cover these paths; none are visible in this fragment. -->
      <add path="ChartImage.axd" type="Telerik.Web.UI.ChartHttpHandler" verb="*" validate="false" />
      <add path="Telerik.Web.UI.SpellCheckHandler.axd" type="Telerik.Web.UI.SpellCheckHandler" verb="*" validate="false" />
      <add path="Telerik.Web.UI.DialogHandler.aspx" type="Telerik.Web.UI.DialogHandler" verb="*" validate="false" />
      <add path="Telerik.RadUploadProgressHandler.ashx" type="Telerik.Web.UI.RadUploadProgressHandler" verb="*" validate="false" />
      <add path="Telerik.Web.UI.WebResource.axd" type="Telerik.Web.UI.WebResource, Telerik.Web.UI" verb="*" validate="false" />
  
    </httpHandlers>
  
<!-- IIS 7 integrated-pipeline counterpart of the system.web handler and module
     registrations: the same script-service and Telerik endpoints, declared by name. -->
<system.webServer>
    <!-- Switches off the IIS check that rejects system.web httpHandlers/httpModules sections
         under the integrated pipeline, so the classic and integrated mappings can share one file. -->
    <validation validateIntegratedModeConfiguration="false" />
    <modules>
      <!-- Each remove/add pair clears any module of the same name inherited from a parent
           configuration before registering it again. -->
      <remove name="ScriptModule" />
      <add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
      <remove name="RadUploadModule" />
      <add name="RadUploadModule" type="Telerik.Web.UI.RadUploadHttpModule" preCondition="integratedMode,runtimeVersionv2.0" />
      <remove name="RadCompression" />
      <add name="RadCompression" type="Telerik.Web.UI.RadCompression" preCondition="integratedMode,runtimeVersionv2.0" />
    </modules>
    <handlers>
      <!-- Remove the inherited script-service handlers by name, then add them back bound to
           System.Web.Extensions 3.5.0.0. -->
      <remove name="WebServiceHandlerFactory-Integrated" />
      <remove name="ScriptHandlerFactory" />
      <remove name="ScriptHandlerFactoryAppServices" />
      <remove name="ScriptResource" />
      <add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
      <add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
  
      <add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
  
      <!-- NOTE(review): the Telerik handlers below accept every verb and are reachable by URL
           under the integrated pipeline. Keep only those the site uses, and keep this list
           aligned with the system.web httpHandlers list so both pipelines expose the same set. -->
      <remove name="ChartImage_axd" />
      <add name="ChartImage_axd" path="ChartImage.axd" type="Telerik.Web.UI.ChartHttpHandler" verb="*" preCondition="integratedMode,runtimeVersionv2.0" />
      <remove name="Telerik_Web_UI_SpellCheckHandler_axd" />
      <add name="Telerik_Web_UI_SpellCheckHandler_axd" path="Telerik.Web.UI.SpellCheckHandler.axd" type="Telerik.Web.UI.SpellCheckHandler" verb="*" preCondition="integratedMode,runtimeVersionv2.0" />
      <remove name="Telerik_Web_UI_DialogHandler_aspx" />
      <add name="Telerik_Web_UI_DialogHandler_aspx" path="Telerik.Web.UI.DialogHandler.aspx" type="Telerik.Web.UI.DialogHandler" verb="*" preCondition="integratedMode,runtimeVersionv2.0" />
      <remove name="Telerik_RadUploadProgressHandler_ashx" />
      <add name="Telerik_RadUploadProgressHandler_ashx" path="Telerik.RadUploadProgressHandler.ashx" type="Telerik.Web.UI.RadUploadProgressHandler" verb="*" preCondition="integratedMode,runtimeVersionv2.0" />
      <remove name="Telerik_Web_UI_WebResource_axd" />
  
      <add name="Telerik_Web_UI_WebResource_axd" path="Telerik.Web.UI.WebResource.axd" type="Telerik.Web.UI.WebResource, Telerik.Web.UI" verb="*" preCondition="integratedMode,runtimeVersionv2.0" />
  
    </handlers>
    <defaultDocument>
      <files>
        <!-- Discard the inherited default-document list; the entries below are tried in order. -->
        <clear />
        <add value="default.aspx" />
        <add value="index.html" />
        <add value="Default.htm" />
        <add value="index.htm" />
        <add value="Default.asp" />
        <add value="iisstart.htm" />
      </files>
    </defaultDocument>
  </system.webServer>

Master Page
  
<%--Master page form: Telerik script and stylesheet managers, the AJAX, skin and window managers,
    a form decorator, then the page content placeholder wrapped in a RadAjaxPanel.--%>
<form id="form1" runat="server">
    <telerik:RadScriptManager ID="RadScriptManager1" OutputCompression="AutoDetect" ScriptMode="Release" runat="server" LoadScriptsBeforeUI="True"
        EnableScriptCombine="True">
        <Scripts>
            <%--Needed for JavaScript IntelliSense in VS2010--%>
            <%--For VS2008 replace RadScriptManager with ScriptManager--%>
            <asp:ScriptReference Assembly="Telerik.Web.UI" Name="Telerik.Web.UI.Common.Core.js" />
            <asp:ScriptReference Assembly="Telerik.Web.UI" Name="Telerik.Web.UI.Common.jQuery.js" />
            <asp:ScriptReference Assembly="Telerik.Web.UI" Name="Telerik.Web.UI.Common.jQueryInclude.js" />
        </Scripts>
    </telerik:RadScriptManager>
    <telerik:RadStyleSheetManager ID="RadStyleSheetManager1" OutputCompression="AutoDetect"  runat="server">
    </telerik:RadStyleSheetManager>
    <%--RestoreOriginalRenderDelegate="false" needed for godaddy hosting, which runs in Medium Trust--%>
    <telerik:RadAjaxManager ID="RadAjaxManager1" runat="server" RestoreOriginalRenderDelegate="false">
    </telerik:RadAjaxManager>
    <telerik:RadSkinManager ID="RadSkinManager1" runat="server">
    </telerik:RadSkinManager>
    <%--Window manager with one predefined modal window, "Features". Its NavigateUrl is empty here,
        and OnClientClose names a client-side ClearWindow function that is not part of this listing.--%>
    <telerik:RadWindowManager EnableEmbeddedSkins="true" ID="RadWindowManager1" runat="server"
        InitialBehaviors="None" EnableViewState="true" DestroyOnClose="true" Behaviors="Close, Resize, Maximize, Move"
        ShowContentDuringLoad="true">
        <Windows>
            <telerik:RadWindow runat="server" InitialBehaviors="None" Left="" Top="" ID="Features"
                Behaviors="Close, Resize, Maximize, Move" Height="400" Modal="True" VisibleStatusbar="false"
                Width="1000px" DestroyOnClose="false" ShowContentDuringLoad="true" ReloadOnShow="True"
                OnClientClose="ClearWindow" Animation="None" NavigateUrl="">
            </telerik:RadWindow>
        </Windows>
    </telerik:RadWindowManager>
    <%--Decorates all control types, limited to the ZoneID1 element below.--%>
    <telerik:RadFormDecorator ID="RadFormDecorator2"  DecoratedControls="All" runat="server"
        DecorationZoneID="ZoneID1"></telerik:RadFormDecorator>
    <div class="DesignWidth" style="height: 100%;">
        <div id="ZoneID1" style="height: 100%;">
            <uc1:Header ID="Header1" runat="server" />
            <uc2:Menu ID="Menu1" runat="server" />
            <%--The panel wrapping the page content carries the same RestoreOriginalRenderDelegate="false"
                setting as the RadAjaxManager above.--%>
            <telerik:RadAjaxPanel ID="PagePanel" runat="server" LoadingPanelID="RadAjaxLoadingPanel1"
                RestoreOriginalRenderDelegate="false">
                <asp:ContentPlaceHolder ID="ContentPlaceHolder1" runat="server">
                </asp:ContentPlaceHolder>
            </telerik:RadAjaxPanel>
        </div>
    </div>
    <telerik:RadAjaxLoadingPanel ID="RadAjaxLoadingPanel1"  runat="server" HorizontalAlign="Center"
        Skin="Default">
    </telerik:RadAjaxLoadingPanel>
    </form>

Content Page
  
<%@ Page Title="" Language="vb" AutoEventWireup="false" MasterPageFile="~/TenkillerTaxidermy.Master" CodeBehind="Test.aspx.vb" Inherits="TenkillerTaxidermy.Test" %>
  
<%@ Register Assembly="Telerik.Web.UI" Namespace="Telerik.Web.UI" TagPrefix="telerik" %>
<asp:Content ID="Content1" ContentPlaceHolderID="ContentPlaceHolder1" runat="server">
  
<%--Test page content: a single RadEditor rendered in a div content area (ContentAreaMode="Div").
    NOTE(review): AllowScripts="true" lets script elements stay in the editor content, so whatever
    this editor posts back has to be treated as untrusted HTML and sanitised or encoded on the
    server before it is stored or shown to other users. Confirm the setting is really needed.--%>
<telerik:RadEditor ID="reap_HTMLContent" ToolbarMode="Default" ContentAreaMode="Div"
                                    AllowScripts="true" runat="Server" Width="875px" AutoResizeHeight="false">
                                    <%--The three inspector modules are disabled and hidden; only the statistics module is shown.--%>
                                    <Modules>
                                        <telerik:EditorModule Name="RadEditorHtmlInspector" Enabled="false" Visible="false" />
                                        <telerik:EditorModule Name="RadEditorNodeInspector" Enabled="false" Visible="false" />
                                        <telerik:EditorModule Name="RadEditorDomInspector" Enabled="false" Visible="false" />
                                        <telerik:EditorModule Name="RadEditorStatistics" Enabled="true" Visible="true" />
                                    </Modules>
                                </telerik:RadEditor>
  
</asp:Content>


Exception
Security Exception 
Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file. 
  
Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
  
Source Error: 
  
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.  
  
Stack Trace: 
  
  
[SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
   System.Security.CodeAccessSecurityEngine.SpecialDemand(PermissionType whatPermission, StackCrawlMark& stackMark) +0
   System.Security.CodeAccessPermission.DemandInternal(PermissionType permissionType) +30
   System.Runtime.Serialization.Formatters.Binary.ObjectWriter.Serialize(Object graph, Header[] inHeaders, __BinaryWriter serWriter, Boolean fCheck) +143
   System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Serialize(Stream serializationStream, Object graph, Header[] headers, Boolean fCheck) +231
   System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Serialize(Stream serializationStream, Object graph) +17
   System.Web.UI.ObjectStateFormatter.SerializeValue(SerializerBinaryWriter writer, Object value) +3316
  
   
  
  
--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:2.0.50727.4952; ASP.NET Version:2.0.50727.4955

Roger
answered on 08 Mar 2011, 03:34 PM
I've managed to track this issue down to the file below in my App_Browsers directory; this is only an issue when in Medium Trust.  When in Medium Trust, I get the security exceptions described in the original post.  If I remove the App_Browsers directory, all the RadEditor dialogs seem to work fine in Medium Trust.

I've also added the line below to the web.config, but there was no change: the security exception continues when in Medium Trust.
<sessionPageState historySize="20" />


PageStateAdapter.browser
  
<browsers>
    <!-- Attaches Telerik's RadSessionPageStateCompression adapter to System.Web.UI.Page through the
         "Default" browser definition. Per this thread, the Medium trust SecurityException appears
         only while this file is present: the reported stack trace ends in BinaryFormatter.Serialize,
         whose SecurityPermission demand fails. Removing the adapter avoided the exception; raising
         the trust level just to keep it would widen what all code in the application may do. -->
    <browser refID="Default">
        <controlAdapters>
            <adapter controlType="System.Web.UI.Page"  adapterType="Telerik.Web.UI.RadSessionPageStateCompression" />
        </controlAdapters>
    </browser>
</browsers>
Rumen
Telerik team
answered on 10 Mar 2011, 10:41 AM
Hi Roger,

Thank you for reporting this problem.

I was able to reproduce it and logged it for fixing in our PITS system. We are currently working hard on RadControls for ASP.NET AJAX Q1 2011 and we will be able to investigate this problem after the release, scheduled for the end of next week. Here you can find the PITS Issue and check its status: Public URL.

Your Telerik points were updated for your bug report as well.

Best regards,
Rumen
the Telerik team